In a cellular radio telephone network of the GSM type, provision is made for supplying the subscriber with application services based on the execution of application programs within SIM chip cards. These services are carried out by a standardized technology, commonly known as the SIM Application Toolkit. One particular feature, called pro-activity, makes it possible for the SIM card, while a program is being run, to address requests to the outside world: the terminal, the subscriber, and the network.
For example, such application programs comprise menus for interrogating a bank server and conducting bank transactions from the terminal at a distance. The development of value-added service applications, executed in the SIM card, requires means for the distribution and maintenance of these applications during the course of the subscription. This is possible by personalizing the SIM card with adequate programs prior to its being sent to the subscriber, or by remotely loading via radio or by loading these programs into the SIM card directly at the point of sale.
The prior technique also provides for an additional chip card which is distinct from the SIM card and which can be inserted in the terminal or which can be linked to the terminal of the SIM card by an external reader. The second card is controlled by a program that is being carried out in the SIM card. The terminal performs a transparent role by simply transmitting the commands prepared by the SIM card to the second card. This exchange of commands is intended to develop services that will involve all types of chip cards. For example, the second card is a bank card that can thus offer remote payment services on the mobile terminal.
The second card becomes a means for the distribution of applications by transporting programs performing value-added services, such as those one may find currently in the SIM card.
The introduction of the second card in the terminal entails a drawback in that the application is no longer necessarily furnished by the operator of the network and thus not subject to authenticity checks. The second card does not contain any means for certifying its content through the terminal, the first card, or the network.